Category Archives: Data Security

Subscribe to Data Security RSS Feed

Unixiz Settles COPPA Allegations with NJ AG

Liisa ThomasBy Liisa Thomas on Posted in Children's Privacy, COPPA, Data Breach, Data Security, Online Privacy
Unixiz, operator of the i-Dressup site, reached an agreement with the New Jersey Attorney General to settle charges that the company had violated the Children’s Online Privacy Protection Act and the New Jersey’s Consumer Fraud Act. The New Jersey AG claimed that Unixiz violated these statutes by collecting information about children without first getting parental … Continue Reading

DOJ Report Suggests Direction For Addressing Cyber Threats

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Data Security, Government Privacy
As many of you have no doubt seen, the Justice Department recently released the report of the Attorney General’s Cyber Digital Task Force, a body the Attorney General had created in February. In the report, the Task Force, chaired by Deputy Attorney General Rod Rosenstein, seeks to answer the question: “How is the Department responding … Continue Reading

Vermont Is First Mover Regulating Data Brokers

Liisa ThomasAlyssa ShauerBy Liisa Thomas and Alyssa Shauer on Posted in Data Protection, Data Security
Vermont recently enacted a data broker security law, one of the first of its kind. The law requires data brokers to develop and implement a comprehensive security program. The program needs to include administrative and technical safeguards to protect personal information. Data brokers are defined as businesses that collect and sell or license data about … Continue Reading

Texas Hospital Order to Pay $4.3M for Failure to Implement its HIPAA Security Policies

Matthew ShatzkesBy Matthew Shatzkes on Posted in Data Breach, Data Security, Healthcare Privacy
A Texas hospital was recently ordered by an administrative law judge to pay a $4,300,000 penalty for three data breaches over the course of 2012 and 2013 that exposed the personal health information – including social security numbers, patient names and treatment records – of more than 33,000 individuals in violation of HIPAA. The specific … Continue Reading

Colorado Enacts Stringent Data Breach Notification Law

Liisa ThomasAmber ThomsonBy Liisa Thomas and Amber Thomson on Posted in Data Breach, Data Security
Colorado’s governor recently signed into law an update to the state’s breach notice law.  As we reported yesterday the new law takes effect on September 1, 2018. As amended, the definition of “personal information” now also includes student, military or passport identification numbers, medical information, health insurance identification numbers, biometric data, and a resident’s username … Continue Reading

Colorado Joins States in Passing Data Protection Requirements

Liisa ThomasBy Liisa Thomas on Posted in Data Security
Colorado’s recently passed breach notice law, which goes into effect on September 1, includes a data security requirement. This mirrors the change to the Louisiana breach notice law we reported about yesterday. Under the law, companies will need to have “reasonable” security practices and procedures that protect personal information. Personal information is defined as social … Continue Reading

Louisiana Adds Data Security Requirements to Breach Notice Law

Liisa ThomasBy Liisa Thomas on Posted in Data Protection, Data Security
Louisiana’s breach notice law has been amended to require companies to protect personal information. The definition of personal information matches that which -if breached- would give rise to a duty to notify. This includes name combined with social security numbers, drivers’ license (and state ID/passport numbers) or financial account numbers. The law applies to companies … Continue Reading

FTC Outlines Expected Privacy Program Elements in BLU Settlement

Liisa ThomasBy Liisa Thomas on Posted in Consumer Privacy, Data Security, FTC, Mobile Privacy
The FTC recently settled with the mobile phone company BLU Products, Inc., over allegations that the company was letting one of its vendors pull extensive and detailed personal information off of users’ phones. According to the FTC, BLU phones were pre-loaded with firmware updating tools made by ADUPS Technology. ADUPS, through its software, was then … Continue Reading

More Breach Law Changes: Arizona Updates Notice Law

Liisa ThomasAmber ThomsonBy Liisa Thomas and Amber Thomson on Posted in Data Breach, Data Security
Arizona’s Governor recently signed HB2154, which expands Arizona’s data breach notice law. The law will go into effect July 20, and will require companies to notify the state attorney general when more than 1,000 individuals have been impacted. It also allows email notice if the company has the individual’s email address.  This removes the need … Continue Reading

And Then There Was None: Alabama Becomes 50th State With Breach Notice Law

Amber ThomsonLiisa ThomasBy Amber Thomson and Liisa Thomas on Posted in Data Breach, Data Security, Privacy
Alabama is the final US state to enact data breach notification legislation. The new law takes effect on June 1, 2018 and applies to electronic “sensitive” data. This includes full Social Security and government-issued identification numbers, account and payment card numbers (in combination with security or access codes or PIN numbers), health information, and a … Continue Reading

And Then There Was One: South Dakota Passes Breach Notice Law, Alabama May Not Be Far Behind

Liisa ThomasAmber ThomsonBy Liisa Thomas and Amber Thomson on Posted in Data Breach, Data Security
South Dakota recently became the 49th US state to enact data breach notification legislation. The new law takes effect July 1, 2018 and mirrors other states’ breach notice laws. Information that if breached, gives rise to a duty to notify is defined to include Social Security and government-issued identification numbers, account and payment card numbers … Continue Reading

Crypto-Crime: The SEC and DOJ Go After BitFunder and Its BitFounder

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Consumer Protection, Data Security
Taking further steps into the world of cryptocurrency, two entities of the federal government recently took legal action against BitFunder, a now-defunct Bitcoin exchange, and its founder, Jon Montroll. The Securities and Exchange Commission filed civil charges against BitFunder and Montroll, and the U.S. Attorney’s Office in Manhattan brought criminal charges of perjury and obstruction … Continue Reading

Privacy, Data Security, and Your Board: Day Five

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy
In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Three

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy
In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading

Privacy, Data Security, and Your Board: Day Two

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Cybersecurity, Data Security, Employee Privacy, Privacy
In our continuing series about privacy, data security and your board, we next turn to how to best educate a board. Yesterday we mentioned about how board members have a duty of care. Part of that duty includes effectively overseeing matters relating to privacy and data security (or the often-used buzzword “cybersecurity”). How can board … Continue Reading

SEC Takes Baby Steps on Cyber, but Signals Greater Vigilance

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Consumer Protection, Cybersecurity, Data Security, Privacy and Data Security
On February 21, the Securities and Exchange Commission issued new Interpretive Guidance regarding disclosures of cybersecurity-related information by publicly traded companies. This guidance comes in the context of public pressure on the SEC to update its 2011 Division of Corporation Finance guidance regarding cybersecurity risks and incidents. According to SEC Chairman Jay Clayton’s statement, this … Continue Reading

Justice Department Creates Cyber-Digital Task Force

Jonathan E. MeyerTownsend BourneBy Jonathan E. Meyer and Townsend Bourne on Posted in Cybersecurity, Data Security, Government Privacy
On February 20, the Department of Justice announced that Attorney General Sessions had created a new, cross-departmental Cyber-Digital Task Force. He directed the Task Force to advise him on the most effective ways for DOJ to confront cyber threats and keep Americans safe. Specifically, the Task Force is charged with canvassing the work the Department … Continue Reading

There’s a Form for That? Breach Notices and State Reporting Portals

Amber ThomsonLiisa ThomasBy Amber Thomson and Liisa Thomas on Posted in Data Breach, Data Security
The recent launch by Massachusetts Attorney General of an online data breach reporting portal is a reminder that many states have such online reporting mechanisms. In Massachusetts, companies that have suffered a data breach and are required to provide notice to the MA AG can either continue to submit a hard copy notice to MA, … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree